Siemens, Schneider Electric collaborate to fix over 200 vulnerabilities
Take action: IoT patches are very difficult to deploy, since the rule in manufacturing is "if it ain't broken you don't fix it". But try to persuade your managers to at least address the critical bugs.
Siemens and Schneider Electric have collaborated to address a significant number of security vulnerabilities in their respective industrial products. Siemens has released twelve new advisories, tackling nearly 200 security bugs across various systems. Specifically, Siemens alerted its customers about approximately 108 Linux kernel flaws and 54 BIOS vulnerabilities that affect its Simatic S7-1500 offering.
Among the vulnerabilities resolved by Siemens are critical flaws that allowed remote code execution in Simatic Step 7 and Sicam Q200.
Additionally, high-severity bugs in Sicam A8000, Simatic WinCC, Teamcenter Visualization, JT2Go, and Solid Edge have been patched. Exploitation of these high-severity vulnerabilities could have enabled arbitrary code execution.
Siemens has also addressed medium-severity vulnerabilities in Simatic WinCC, TIA Portal, and Simotion.
In parallel, Schneider Electric has resolved five security flaws in its products. Two of these vulnerabilities were classified as high-severity and affected the Foxboro distributed control system.
Schneider Electric also fixed vulnerabilities in its Foxboro SCADA, EcoStruxure Operator Terminal Expert, Pro-face BLUEm, and Interactive Graphical SCADA System offerings.